From owner-freebsd-questions Sat Jun 24 7: 3:10 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from relay2.inwind.it (relay2.inwind.it [212.141.53.73])
	by hub.freebsd.org (Postfix) with ESMTP id BA85837B632
	for ; Sat, 24 Jun 2000 07:03:05 -0700 (PDT)
	(envelope-from bartequi@inwind.it)
Received: from bartequi.ottodomain.org (212.141.78.48) by relay2.inwind.it; 24 Jun 2000 16:03:01 +0200
From: Salvo Bartolotta
Date: Sat, 24 Jun 2000 15:04:57 GMT
Message-ID: <20000624.15045700@bartequi.ottodomain.org>
Subject: Re: Confused by Loopback (& security)
To: Giorgos Keramidas
Cc: freebsd-questions@FreeBSD.ORG
Reply-To: bartequi@neomedia.it
In-Reply-To: <20000624142438.A27546@hades.hell.gr>
References: <20000621205221.A43715@pool0586.cvx20-bradley.dialup.e> <20000623004145.B17268@hades.hell.gr> <20000623193527.B481@dialin-client.earthlink.net> <20000624142438.A27546@hades.hell.gr>
X-Mailer: SuperCalifragilis
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> It is not necessary for everyone to be paranoid. However, after playing
> around with ipfilter and making myself a closed-type firewall (the rules
> are listed at the end of this message), I saw far too many blocked
> packets to just ignore the fact that I was being constantly port-scanned
> while I was online!
>
> Anyway, the rules that I now use look like:
>
> @1 pass out quick proto tcp from any to any keep state
> @1 block in log from any to any
> @2 block in proto eigrp from any to any
> @3 pass in quick on lo0 from 127.0.0.1/32 to 127.0.0.1/32
> @4 block in log quick from 127.0.0.0/8 to any
> @5 block in log quick from any to 127.0.0.0/8
> @6 pass in quick proto tcp from any port = 20 to any keep state
> @7 pass in quick proto tcp from any to any port = 22 keep state
> @8 pass in quick proto tcp from any to any port = 25 keep state
> @9 block return-rst in log quick proto tcp from any to any port = 113 flags S/SA
> @10 pass in quick proto udp from any to any port = 53
> @11 pass in quick proto udp from any port = 53 to any
> @12 pass in quick proto icmp from any to any
>
> If you care to notice rules @3-@5 in the input chain, you will see that
> I only allow packets from 127.0.0.1 on lo0, and the rest of the
> 127.0.0.0/8 subnet is filtered out on any interface. Of course, as I
> said before, I am paranoid ;-)

Hello Giorgios,

I have been meeting (and logging) a number of analogous problems; my
ipfw (stateful) firewall is also closed.

I seem to understand there is, as it were, an Internet cosmic
radiation, caused by thousands of crackers (or would-be such)
continually scanning millions of machines in order to find out where
their Trojan horse(s) is/are operational.

Usually, those scans are not specifically aimed at you. However,
sometimes they ARE ...

Best regards,
Salvo
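
An added example, not part of the original message or of either poster's configuration: a small Python model of how ipfilter evaluates the quoted inbound rules @1, @3-@5 and @7 (the last matching rule decides, unless a matching rule is marked `quick`). The interface name `ppp0`, the sample addresses and the packets are constructed, and `keep state` and logging are not modelled.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
LOOPNET = ip_network("127.0.0.0/8")
LOCALHOST = ip_network("127.0.0.1/32")

# Subset of the quoted inbound list:
# (rule number, action, quick, interface, proto, src net, dst net, dst port)
# None means "not restricted by this rule".
INBOUND = [
    (1, "block", False, None, None, ANY, ANY, None),
    (3, "pass", True, "lo0", None, LOCALHOST, LOCALHOST, None),
    (4, "block", True, None, None, LOOPNET, ANY, None),
    (5, "block", True, None, None, ANY, LOOPNET, None),
    (7, "pass", True, None, "tcp", ANY, ANY, 22),
]

def evaluate(iface, proto, src, dst, dport=None):
    """Return (action, rule number) for one inbound packet."""
    verdict = None  # always overwritten: @1 matches every inbound packet
    for num, action, quick, r_if, r_proto, r_src, r_dst, r_port in INBOUND:
        if r_if is not None and r_if != iface:
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if ip_address(src) not in r_src or ip_address(dst) not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        verdict = (action, num)  # last match wins ...
        if quick:
            break                # ... unless the rule is quick
    return verdict

# Constructed packets; ppp0 is a hypothetical external interface.
SAMPLES = [
    ("lo0", "tcp", "127.0.0.1", "127.0.0.1", 25),       # genuine loopback traffic
    ("lo0", "tcp", "127.0.0.2", "127.0.0.1", 25),       # rest of 127/8, even on lo0
    ("ppp0", "tcp", "127.0.0.1", "192.0.2.10", 22),     # loopback source from outside
    ("ppp0", "udp", "198.51.100.7", "127.0.0.1", 53),   # loopback destination from outside
    ("ppp0", "tcp", "198.51.100.7", "192.0.2.10", 22),  # ordinary SSH connection
    ("ppp0", "tcp", "198.51.100.7", "192.0.2.10", 80),  # no pass rule for this port
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(*pkt))
```

Because @4 is `quick` and precedes @7, a packet that claims a loopback source on the external interface is dropped even when it targets the otherwise permitted port 22.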